PreVote capability in raft.h and tracing for it #7419
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…h pre-vote enabled and pre-vote disabled
cjen1-msft
commented
Oct 31, 2025
cjen1-msft
commented
Oct 31, 2025
Contributor
There was a problem hiding this comment.
Pull Request Overview
This pull request implements the PreVote extension for the Raft consensus protocol to prevent disruption from network-partitioned nodes that can send RequestVote messages but cannot hear AppendEntries from the current leader.
Key changes:
- Introduces a
PreVoteCandidateleadership state where nodes first request speculative pre-votes before starting actual elections - Changes
preVoteStatusfrom a global set to a per-server function mapping each server to its PreVote capability set - Adds
is_pre_voteflag to RequestVote and RequestVoteResponse messages to differentiate pre-vote from actual vote requests
Reviewed Changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tla/consensus/ccfraft.tla | Changes preVoteStatus to per-server mapping and updates all references to use indexed access |
| tla/consensus/Traceccfraft.tla | Updates trace validation to handle PreVoteCandidate state and per-server preVoteStatus |
| tla/consensus/SIMccfraft.tla | Updates simulation initialization to use per-server preVoteStatus with consistency constraint |
| tla/consensus/MCccfraft.tla | Updates model checking initialization to use per-server preVoteStatus with consistency constraint |
| tla/consensus/MCAliases.tla | Adds preVoteStatus to debug output and enables trace debugging |
| tests/raft_scenarios/pre_vote_split | New test scenario validating PreVote behavior with mixed PreVote capabilities |
| tests/raft_scenarios/pre_vote | New test scenario validating basic PreVote election and migration behavior |
| src/kv/kv_types.h | Adds PreVoteCandidate to LeadershipState enum |
| src/consensus/aft/test/driver.h | Adds PreVote configuration support and fixes detail value extraction |
| src/consensus/aft/test/driver.cpp | Adds pre_vote_enabled command to test driver |
| src/consensus/aft/raft_types.h | Adds is_pre_vote field to RequestVote and RequestVoteResponse messages |
| src/consensus/aft/raft.h | Implements PreVote logic including become_pre_vote_candidate and vote handling |
| src/consensus/aft/impl/state.h | Adds pre_vote_enabled field to State structure |
| scripts/trace_scenario.sh | New script to build, run, and validate Raft scenarios against TLA+ spec |
| doc/architecture/consensus/index.rst | Adds comprehensive documentation of PreVote extension and migration strategy |
achamayou
reviewed
Nov 3, 2025
achamayou
approved these changes
Nov 3, 2025
Co-authored-by: Amaury Chamayou <[email protected]>
Co-authored-by: Amaury Chamayou <[email protected]>
Co-authored-by: Amaury Chamayou <[email protected]>
Co-authored-by: Amaury Chamayou <[email protected]>
achamayou
reviewed
Nov 4, 2025
achamayou
reviewed
Nov 4, 2025
achamayou
reviewed
Nov 4, 2025
Co-authored-by: Amaury Chamayou <[email protected]>
Co-authored-by: Amaury Chamayou <[email protected]>
cjen1-msft
added
auto-backport
cjen1-msft
added a commit
to cjen1-msft/CCF
that referenced
this pull request
Nov 5, 2025
Co-authored-by: Copilot <[email protected]> Co-authored-by: Amaury Chamayou <[email protected]> Co-authored-by: Amaury Chamayou <[email protected]>
cjen1-msft
added a commit
to cjen1-msft/CCF
that referenced
this pull request
Nov 5, 2025
Co-authored-by: Copilot <[email protected]> Co-authored-by: Amaury Chamayou <[email protected]> Co-authored-by: Amaury Chamayou <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR makes raft.h capable to respond to pre-votes, but does not enable the PreVoteCandidate by default.
#7361
To be specific about the changes, this PR should largely be a noop for the existing tests as it does not enable the pre-vote by default and we have no way to do so manually.
(Whether/how to enable pre-vote is very much so up for debate)
If pre-vote is enabled, there are the following changes.
PreVoteCandidateand sendRequestVote{.is_pre_vote = true}recv_request_votem.is_pre_votethen don't update staterecv_request_vote_responseThere is a new trace_scenario.sh to make trace validation for a single test simpler.
Also updated
ccfraft.tlato make preVoteStatus per-node rather than a global per-network config.My aim for this PR is to nail down the raft.h changes wrt trace validation, with the expectation that no end-to-end tests should change (as nothing is enabled yet).
And this will be the PR that gets backported to 6.X (hopefully).